Common cyberattacks in 2020 and how to stop them

In 2019, research showed that Australians had been reporting cybersecurity incidents every 10 minutes, with businesses suffering a loss of $29 billion each year.

Along with business disruption, such breaches have resulted in a critical loss of data, productivity, and damage to workplace equipment. Though technology continues to evolve in these dire times to fend off attackers and growing threats – so do the methods of cybercrime, with infiltrations growing ever-more sophisticated and efficient.

The threats of today’s IT landscape are likely far greater than those of the previous year; requiring all businesses and individual users to assess and implement any necessary upgrades to their current security systems.

Below, we discuss the most common cybersecurity threats of 2020 (so far) – and what you can do to stop them.

Phishing attacks

Phishing methods have always been a common form of cybercrime – landing itself amongst the top three security incidents experienced by Australian and New Zealand businesses between 2017 and 2018.

The tactic a type of social engineering attack, typically in the form of fraudulent e-mail or text; wherein hackers impersonate legitimate brands or companies as an attempt to trick users into revealing confidential account, financial, or personal information.

Mobile phishing attacks (directed at businesses) are predicted to rise in 2020, placing vital pressure on IT executives to focus on mobile security as part of their overall strategy.

To defend yourself and your business, ensure you’ve got reliable filtering tools installed. These help keep your inbox and network protected from spam or malicious e-mails, automatically assessing them for potential threats such as malware or viruses. Some even implement AI-based algorithms to continuously identify new techniques and methods used by spammers.

Popular and effective e-mail filtering tools include MailCleaner, Proofpoint, and the filtering functionalities that come with Office 365.

Ransomware

Alongside unauthorized bank and e-mail access, ransomware has been reported among the top three cybercrimes experienced by Australians.

Though the form of attack has, fortunately, experienced decline among individuals in recent times – studies show that the rate of detections among businesses have increased by 2.8 million in early 2018 to 9.5 million in early 2019 (a nearly 340% boost in detections).

Ransomware attacks hijack a user’s data by encrypting their information through a piece of malware. Victims are then pressed to pay a ransom to recover access to their data.

To protect your systems from ransomware, it’s mandatory to have strong, reliable perimeter safeguards in place (i.e. firewalls) to protect your network from potential malware uploads. Experts also suggest having each individual workstation protected through their own anti-virus programs; ensuring each computer is continuously assessed for existing threats.

Additionally, it’s vital to have a business continuity or disaster recovery plan in place to prevent permanent data loss. Businesses are highly recommended to have offsite backups of their information – allowing for quick restoration in case of infected or compromised systems.

Denial-of-service attacks

Denial-of-service (DDoS) attacks are designed to flood a website’s server with extra traffic, causing it to slow down or crash altogether.

According to digital marketing executive of Signity Software Solutions, Hima Pujara, there are typically three types of DDoS attacks: application-layer attacks, volumetric attacks, and protocol attacks.

Volumetric attacks flood a server with false data requests, rendering them unable to process legitimate server traffic. Application-layer attacks usually focus on only one machine, and target the topmost layer of the OSI network model – concentrating on HTTP, HTTPS, SMTP, or DNS. Protocol attacks send abnormal pings or partial packets to a server, overloading its memory and causing it to crash.

To protect your business network from all three attacks, its important to develop a strategy based on each type. This can include increasing the bandwidth of your server to protect it from volumetric attacks, or blacklisting any IP addresses that have participated in DDoS attacks; stunting protocol or application-layer methods.

As mentioned, having a proper disaster recovery plan in place can help minimize the impact of such attacks and protect your information from permanent loss or damage.

IoT-based attacks

Devices are increasingly becoming internet-connected, both at home and in the workplace. In fact, research shows that 127 new devices are connected every second to the internet, with IoT devices predicted to reach 75 billion worldwide by 2025.

This growing trend has offered yet another avenue for hackers to exploit, with IoT-based attacks set to dominate in 2020. IoT cyberattacks have already jumped by a whopping 300% in 2019 alone; many devices have stuck to default credentials and skipping recommended security patches, leaving them vulnerable to unauthorized access.

To protect yourself and your company from IoT-based attacks, keeping a record of all internet-connected devices and consistently updating their firmware security is critical. Be sure to implement these firmware updates before installing new smart devices to your business network.

It can also help to assess how new devices will impact the costs and complexities of your current security strategy, before incorporating them into the workplace.

Human error

Finally, all security tools, software, and their respective updates may be rendered ineffective should employees remain uninformed.

Human error continues to be one of the largest security threats nationwide – with such incidents comprising over one-third of security incidents reported in early 2019. Additionally, human error was responsible for the unauthorized disclosure of over 270,000 users’ private data in the previous year.

Consistent training and education on cybersecurity has and remains the best method in combating this; enabling all workers to do their part in maintaining a safe, secure workplace. This can involve simulated exercises in identifying phishing scams or formal courses in the basics of implementing cybersecurity.

Ensuring the right staff are dedicated to help enforce your security policies is also essential. While Kaspersky research shows that while 44% of companies admit their workers fail to comply with IT security policies, only 26% plan to properly enforce such guidelines amongst their employees.

With the right training programs and guidance, business owners can help alleviate the inevitable carelessness of their workers, and ensure all are well-equipped with the fundamental knowledge and awareness to identify, manage, and remove threats as they come.

Step up your security game in 2020

Hackers may be constantly enhancing their methods, but your business needn’t lag behind.

At DDLS – Australia’s largest provider of corporate IT and process training – we offer a wide range of cybersecurity courses to arm your workforce for 2020.

Employers can invest in our RESILIA programs; courses that offer employees and business owners with the practical training required to make informed decisions and apply effective solutions in the face of cybercrime.

Individuals can also pursue vendor-aligned cybersecurity courses (under leading bodies such as Cisco, CompTIA, and Microsoft), equipping you with the specialised cybersecurity skillsets to enhance company strategies – or to pursue a rewarding career in the industry.

With DDLS Anywhere, individuals additionally have the option of pursuing all courses online.

Boost you and your business’ security skills today, and enquire with us on a course.